Phish: I'm getting a 3 hour Suspension!

Here’s the e-mail:

Return-Path: <corghy_13@hotmail.com>
Received: from blu0-omc3-s5.blu0.hotmail.com (blu0-omc3-s5.blu0.hotmail.com [65.55.116.80])
Reply-To: <WoWAccountAdmin@blizzard.com>
From: “WoWAccountAdmin@blizzard.com” <WoWAccountAdmin@blizzard.com>
To: <***@gmail.com>
Subject: World of Warcraft Account Management
Date: Fri, 19 Feb 2010 00:41:51 -0800

World of Warcraft -> Legal -> End User License Agreement
and Section 8 of the Terms of Use:
Blizzard Entertainment -> Legal -> Terms of Use
A 3-hour probationary suspension is pending on this account, awaiting confirmation from a specialist. A final warning has been issued. The investigation will be continued by the Account Administration team to determine the any further suspensions. If the account in question is found in violation of the EULA and Terms of Use, further action will be taken. Be aware that any additional inappropriate actions may result in the permanent closure of the account.
Thank you for respecting our position on this matter.
==============================
====================================================================================
** We request that you verify your legitimate ownership of the account here:http://www.worldofwarcraft-accounts-Concern.com
Blizzard staff will verify your account information submitted in two days, please do not modify your account information during this time . It will not affect your game uptime.
If you are unable to successfully verify your password .
using the automated system, please contact Billing & Account Services at 1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at billing@blizzard.com. Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.
Regards,
The World of Warcraft Support Team Blizzard Entertainment

So, lets see here…

  • Header shows its from Hotmail
  • 3 hour ban will never be pending. Either they suspend or not. They don’t warn.
  • Who is this mail from if it is not from the “specialist”…perhaps from a generalist that only suspects? What poppycock is this?
  • “Final warning has been issued.” Ooooooh…how scary sounding. But…umm…where was my first warning?
  • “Investigation will be continued by the Account Administration team” So much for the specialist….
  • “If the account in question is found in violation for the EULA and the Tems of Use, further action will be taken.” Well, I got this e-mail for a reason right? Which would be I already did? So WTF?

Blizzard will suspend your account if they find evidence of wrong doing. They won’t warn you, they just do it.

Once action is taken then you get e-mail with information on how to challenge the action if you feel it was done in error.
This information will not contain a web link. (Except the standard link to the support site.)
The best way to challenge these decisions is via Phone or E-Mail.

But look here, the hook:

“We request that you verify your legitimate ownership of the account”

But wait…wouldn’t the PROPER way of stating that be:

We request you verify you are the legitimate owner of the account.

or:

We request ownership of the account be verified.

Ya, those two would be correct and not “noobish”
And of course the site they link:

www.worldofwarcraft-accounts-Concern.com

So totally not Blizzard, but it has Concern :-)

But this is my FAVORITE Part:

Blizzard staff will verify your account information submitted in two days, please do not modify your account information during this time

Oh yes, wait 2 days…don’t change a THING!! Ya, cause for some reason Blizzard can’t see this happening immediatly. They are using a network that is SO Slow it takes 2 days for information to be delivered.
ITS THE TUBES!!!

This way, the hacker has 2 days to clean out your account before you notice anything is wrong…

Seriously, Think about it….
What exactly do they need you to verify? They sent you e-mail, so they pretty much just DID verify your account….
What else is there they need to verify?

UPDATE:

  • Received again on Wed, 24 Feb 2010 11:45:08 -0800

Linking to: www.worldofwarcraft-battles-account.com

Return-Path: kintaro_snake@hotmail.com
Received: from frhgksa ([208.176.232.194]) by BLU0-SMTP24.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 10 Mar 2010 21:56:51 -0800
Reply-To: <WoWAccountAdmin@blizzard.com>
From: “WoWAccountAdmin@blizzard.com ” <WoWAccountAdmin@blizzard.com>
To: <***@gmail.com>
Subject: World of Warcraft Account Management

Linking to: www.worldofwarcraft-accounts-blizzard.com

WOW…look at that domain. Its 3 domains in one:

  • WorldOfWarcraft
  • Accounts
  • Blizzard

Unfortunatly for the hacker, domains don’t work that way…so…Not Blizzard.

  • Received again:
  • Return-Path: fusion_rlcmx@hotmail.com
    Received: from hf ([206.128.81.228]) by BLU0-SMTP40.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959);
    Mon, 15 Mar 2010 21:58:45 -0700
    From: “noreply@blizzard.com” <wowaccountadmin@blizzard.com>
    To: <jayras@gmail.com>
    Subject: World of Warcraft – End User License Agreement

    Linking to: www.worldofwarcraft-battle-passwordcheck.com

    Another great 3 part domain that is really only 1 part.

    Oh ya…still not Blizzard

    Return-Path: winno6@hotmail.com
    Received: from bxpne ([222.244.144.201]) by BLU0-SMTP42.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
    Fri, 30 Apr 2010 00:57:23 -0700
    From: “wowaccountadmin@blizzard.com”
    To: ***@gmail.com
    Subject: World of Warcraft Account Management

    Linking to: www.worldofwarcraft-usaccoutadmin.info

    Ooops…some misspelling here…accoutadmin…should be accountadmin. Put on the dunce cap and go sit in the corner!!

Ͼ http://www.pthkm.com/xpjylc/ http://www.pthkm.com/bgylc/ Ͼֳ http://www.pthkm.com/pjylc/ ewinֳ http://www.ybewv.com/ewinylc/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ Ŷij http://www.aojxq.com/amdcgl/ bet http://www.lpmwq.com/bet365ylc/ ȫѶ http://www.wfgpb.com/qxwgw/ 188 http://www.ywiql.com/jbb188gq/ bet http://www.nwiza.com/bet365ylc/ 365 http://www.rvodp.com/bet365tyzx/ Ͼ http://www.yjzhv.com/smxpjgw/ Ͼij http://www.utssx.com/ampjdc/ ˹˶ij http://www.bkrft.com/amwnsrdc/ Ͼij http://www.bkrft.com/pjdc/ ƶij http://www.bkrft.com/yddc/ Ŷij淨 http://www.bkrft.com/amdcwf/ ȫѶ http://www.bkrft.com/qxwzx/ ˹ά˹ij http://www.fldwd.com/lswjsdc/ ζij http://www.fldwd.com/lwdc/ ŶijЩ http://www.fldwd.com/amdcynx/ ij http://www.fldwd.com/mddc/ ˹˶ij http://www.fldwd.com/wnsrdc/ Ͼij http://www.yuwew.com/amxpjdc/ ĥij http://www.yuwew.com/mddc/ ijϷ http://www.yuwew.com/dcyx/ ĥƽij http://www.yuwew.com/mdhjdc/ ĥij http://www.hgvnk.com/lwmddc/ Űټ http://www.hgvnk.com/ambjl/ ټϷ http://www.hgvnk.com/bjlyx/ ˰ټ http://www.hgvnk.com/zrbjl/ http://www.dnczv.com/bcw/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/amdc/ ֳ http://www.yjzhv.com/ozylc/ Ŷij http://www.luyouren.com/aomenduchan/ bet http://www.lsylnj.com/bet365/ Ŷij http://www.lsylnj.com/amdc/ ټ http://www.lsylnj.com/bjl/ http://www.lsylnj.com/bcw/ ˹ http://www.lsylnj.com/wnsrylc/ Ͼ http://www.lsylnj.com/xpjylc/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinyulechen/ bet http://www.luyouren.com/bet365/ ټ http://www.luyouren.com/bjl/ Ŷij http://www.luyouren.com/amdc/ Ŷij http://www.luyouren.com/amduchan/ Ŷij http://www.luyouren.com/aomendc/ Ŷij http://www.luyouren.com/aomenduchan/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinylc/ ewinֳ http://www.luyouren.com/ewinylchen/ ewinֳ http://www.luyouren.com/ewinylec/ ewinֳ http://www.luyouren.com/ewinyulc/ ewinֳ http://www.luyouren.com/ewinyulechen/ http://www.dnczv.com/bcw/ ټ http://www.dnczv.com/bjl/ bet http://www.dnczv.com/bet365/ ˹ http://www.pthkm.com/wnsrylc/